Cybersécurité dans l'espace: comment Thales relève les défis à venir
Understanding the cyber threat:
Billions are being lost due to the rise of cyber attacks in the automotive industry. Industry experts argue that there are several factors that can cause cyber attacks to target this innovating sector. Over the years, cyber attacks have evolved and the emergence of highly autonomous vehicles in the automotive fleet has aroused the interest of attackers in the cyber domain. Today, if the research of vulnerabilities is focusing on this industry, it indicates the importance and destructive potential of the forthcoming threat to the sector. In order to protect vehicles from these malicious behaviors, it is imperative to dive into the type of threats that can affect a vehicle.
The three most common attack vectors over the past decade were servers, keyless entry systems and mobile applications, with a 73% growth in server attacks in 2020.
• IIn 2020, 77.8% of all incidents were remote attacks and 89.9% of the attacks were related to vehicle’s communication channels
• Threats against vehicle data and code account for 86.7% of all incidents
• There were 110 CVEs related to the automotive industry, 33 in 2020 and 24 in 2019
• 40% of cyber activities against vehicles resulted in car theft, which makes it the category with the greatest impact on mobility
The Jeep hack is widely regarded as a landmark event in the automotive industry’s understanding of the cybersecurity challenges it faces. In 2015, two researchers, Miller and Valasek exploited a vulnerability in the CAN (controller area network) bus of the Chrysler-manufactured vehicle. The bus corresponds to the car’s internal network. It oversees the various components within the vehicle such as the engine, sensors and transmission. Taking control of the CAN bus allowed them to send commands to the car, cutting the brakes or running it off the road. This event is not isolated since in 2016, a team of Chinese hackers managed to take control of a Tesla Model S by creating a Wi-Fi hotspot to which the car automatically connects if it is performing Web browsing. This allowed them to access the CAN bus from which they could send commands and engage the brakes. By connecting physical device to internet, for convenience, car manufacturers have created multiple entry points for agile and malicious attackers.
• In 2020, 55% of hacks were carried out by hackers to disrupt business, steal property and demand ransom
• In 2020, 38.6% of hacks were committed by hackers and researchers with 36% of incidents in 2020 involving data and privacy breaches, and 28% of incidents involving theft or break-ins, including in the context of an automotive bug bounty scheme
• In 2019, for the first time, the number of black hat hacks surpassed the number of white hat intrusions